pepr 0.12.2 → 0.13.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CODE_OF_CONDUCT.md +83 -0
- package/CONTRIBUTING.md +70 -0
- package/README.md +28 -30
- package/dist/cli.js +666 -692
- package/dist/controller.js +13 -81
- package/dist/lib/assets/deploy.d.ts +3 -0
- package/dist/lib/assets/deploy.d.ts.map +1 -0
- package/dist/lib/assets/index.d.ts +17 -0
- package/dist/lib/assets/index.d.ts.map +1 -0
- package/dist/lib/assets/loader.d.ts +8 -0
- package/dist/lib/assets/loader.d.ts.map +1 -0
- package/dist/lib/assets/networking.d.ts +6 -0
- package/dist/lib/assets/networking.d.ts.map +1 -0
- package/dist/lib/assets/pods.d.ts +8 -0
- package/dist/lib/assets/pods.d.ts.map +1 -0
- package/dist/lib/assets/rbac.d.ts +11 -0
- package/dist/lib/assets/rbac.d.ts.map +1 -0
- package/dist/lib/assets/webhooks.d.ts +6 -0
- package/dist/lib/assets/webhooks.d.ts.map +1 -0
- package/dist/lib/assets/yaml.d.ts +4 -0
- package/dist/lib/assets/yaml.d.ts.map +1 -0
- package/dist/lib/capability.d.ts +4 -9
- package/dist/lib/capability.d.ts.map +1 -1
- package/dist/lib/controller.d.ts +4 -15
- package/dist/lib/controller.d.ts.map +1 -1
- package/dist/lib/errors.d.ts +12 -0
- package/dist/lib/errors.d.ts.map +1 -0
- package/dist/lib/filter.d.ts +1 -1
- package/dist/lib/filter.d.ts.map +1 -1
- package/dist/lib/k8s/index.d.ts +2 -1
- package/dist/lib/k8s/index.d.ts.map +1 -1
- package/dist/lib/k8s/kinds.d.ts.map +1 -1
- package/dist/lib/k8s/types.d.ts +18 -14
- package/dist/lib/k8s/types.d.ts.map +1 -1
- package/dist/lib/k8s/upstream.d.ts +2 -2
- package/dist/lib/k8s/upstream.d.ts.map +1 -1
- package/dist/lib/logger.d.ts +8 -54
- package/dist/lib/logger.d.ts.map +1 -1
- package/dist/lib/metrics.d.ts +10 -9
- package/dist/lib/metrics.d.ts.map +1 -1
- package/dist/lib/module.d.ts +4 -4
- package/dist/lib/module.d.ts.map +1 -1
- package/dist/lib/mutate-processor.d.ts +5 -0
- package/dist/lib/mutate-processor.d.ts.map +1 -0
- package/dist/lib/{request.d.ts → mutate-request.d.ts} +7 -7
- package/dist/lib/mutate-request.d.ts.map +1 -0
- package/dist/lib/types.d.ts +48 -55
- package/dist/lib/types.d.ts.map +1 -1
- package/dist/lib/validate-processor.d.ts +4 -0
- package/dist/lib/validate-processor.d.ts.map +1 -0
- package/dist/lib/validate-request.d.ts +54 -0
- package/dist/lib/validate-request.d.ts.map +1 -0
- package/dist/lib.d.ts +3 -2
- package/dist/lib.d.ts.map +1 -1
- package/dist/lib.js +610 -354
- package/dist/lib.js.map +4 -4
- package/jest.config.json +4 -0
- package/journey/before.ts +21 -0
- package/journey/k8s.ts +81 -0
- package/journey/pepr-build.ts +69 -0
- package/journey/pepr-deploy.ts +133 -0
- package/journey/pepr-dev.ts +155 -0
- package/journey/pepr-format.ts +13 -0
- package/journey/pepr-init.ts +12 -0
- package/package.json +29 -27
- package/src/cli.ts +2 -11
- package/src/lib/assets/deploy.ts +179 -0
- package/src/lib/assets/index.ts +53 -0
- package/src/lib/assets/loader.ts +41 -0
- package/src/lib/assets/networking.ts +58 -0
- package/src/lib/assets/pods.ts +148 -0
- package/src/lib/assets/rbac.ts +57 -0
- package/src/lib/assets/webhooks.ts +139 -0
- package/src/lib/assets/yaml.ts +75 -0
- package/src/lib/capability.ts +80 -68
- package/src/lib/controller.ts +199 -99
- package/src/lib/errors.ts +20 -0
- package/src/lib/fetch.ts +1 -1
- package/src/lib/filter.ts +1 -3
- package/src/lib/k8s/index.ts +4 -1
- package/src/lib/k8s/kinds.ts +40 -0
- package/src/lib/k8s/types.ts +21 -15
- package/src/lib/k8s/upstream.ts +5 -1
- package/src/lib/logger.ts +14 -125
- package/src/lib/metrics.ts +86 -29
- package/src/lib/module.ts +32 -16
- package/src/lib/{processor.ts → mutate-processor.ts} +39 -28
- package/src/lib/{request.ts → mutate-request.ts} +26 -13
- package/src/lib/types.ts +54 -60
- package/src/lib/validate-processor.ts +76 -0
- package/src/lib/validate-request.ts +106 -0
- package/src/lib.ts +4 -2
- package/src/runtime/controller.ts +1 -1
- package/dist/lib/k8s/webhook.d.ts +0 -37
- package/dist/lib/k8s/webhook.d.ts.map +0 -1
- package/dist/lib/processor.d.ts +0 -5
- package/dist/lib/processor.d.ts.map +0 -1
- package/dist/lib/request.d.ts.map +0 -1
- package/src/lib/k8s/webhook.ts +0 -643
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { Capability } from "./capability";
|
|
2
|
+
import { MutateResponse, Request } from "./k8s/types";
|
|
3
|
+
import { ModuleConfig } from "./types";
|
|
4
|
+
export declare function mutateProcessor(config: ModuleConfig, capabilities: Capability[], req: Request, reqMetadata: Record<string, string>): Promise<MutateResponse>;
|
|
5
|
+
//# sourceMappingURL=mutate-processor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mutate-processor.d.ts","sourceRoot":"","sources":["../../src/lib/mutate-processor.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAG1C,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAGvC,wBAAsB,eAAe,CACnC,MAAM,EAAE,YAAY,EACpB,YAAY,EAAE,UAAU,EAAE,EAC1B,GAAG,EAAE,OAAO,EACZ,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAClC,OAAO,CAAC,cAAc,CAAC,CAgIzB"}
|
|
@@ -4,8 +4,8 @@ import { DeepPartial } from "./types";
|
|
|
4
4
|
* The RequestWrapper class provides methods to modify Kubernetes objects in the context
|
|
5
5
|
* of a mutating webhook request.
|
|
6
6
|
*/
|
|
7
|
-
export declare class
|
|
8
|
-
private
|
|
7
|
+
export declare class PeprMutateRequest<T extends KubernetesObject> {
|
|
8
|
+
#private;
|
|
9
9
|
Raw: T;
|
|
10
10
|
get PermitSideEffects(): boolean;
|
|
11
11
|
/**
|
|
@@ -24,10 +24,10 @@ export declare class PeprRequest<T extends KubernetesObject> {
|
|
|
24
24
|
*/
|
|
25
25
|
get Request(): Request<T>;
|
|
26
26
|
/**
|
|
27
|
-
* Creates a new instance of the
|
|
27
|
+
* Creates a new instance of the action class.
|
|
28
28
|
* @param input - The request object containing the Kubernetes resource to modify.
|
|
29
29
|
*/
|
|
30
|
-
constructor(
|
|
30
|
+
constructor(input: Request<T>);
|
|
31
31
|
/**
|
|
32
32
|
* Deep merges the provided object with the current resource.
|
|
33
33
|
*
|
|
@@ -38,14 +38,14 @@ export declare class PeprRequest<T extends KubernetesObject> {
|
|
|
38
38
|
* Updates a label on the Kubernetes resource.
|
|
39
39
|
* @param key - The key of the label to update.
|
|
40
40
|
* @param value - The value of the label.
|
|
41
|
-
* @returns The current
|
|
41
|
+
* @returns The current action instance for method chaining.
|
|
42
42
|
*/
|
|
43
43
|
SetLabel(key: string, value: string): this;
|
|
44
44
|
/**
|
|
45
45
|
* Updates an annotation on the Kubernetes resource.
|
|
46
46
|
* @param key - The key of the annotation to update.
|
|
47
47
|
* @param value - The value of the annotation.
|
|
48
|
-
* @returns The current
|
|
48
|
+
* @returns The current action instance for method chaining.
|
|
49
49
|
*/
|
|
50
50
|
SetAnnotation(key: string, value: string): this;
|
|
51
51
|
/**
|
|
@@ -75,4 +75,4 @@ export declare class PeprRequest<T extends KubernetesObject> {
|
|
|
75
75
|
*/
|
|
76
76
|
HasAnnotation(key: string): boolean;
|
|
77
77
|
}
|
|
78
|
-
//# sourceMappingURL=request.d.ts.map
|
|
78
|
+
//# sourceMappingURL=mutate-request.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mutate-request.d.ts","sourceRoot":"","sources":["../../src/lib/mutate-request.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,gBAAgB,EAAa,OAAO,EAAE,MAAM,aAAa,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC;;;GAGG;AACH,qBAAa,iBAAiB,CAAC,CAAC,SAAS,gBAAgB;;IACvD,GAAG,EAAE,CAAC,CAAC;IAIP,IAAI,iBAAiB,YAEpB;IAED;;;OAGG;IACH,IAAI,QAAQ,wBAEX;IAED;;;OAGG;IACH,IAAI,WAAW,kBAEd;IAED;;;OAGG;IACH,IAAI,OAAO,eAEV;IAED;;;OAGG;gBACS,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IAyB7B;;;;OAIG;IACH,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC;IAIzB;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAUnC;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAUxC;;;;OAIG;IACH,WAAW,CAAC,GAAG,EAAE,MAAM;IAQvB;;;;OAIG;IACH,gBAAgB,CAAC,GAAG,EAAE,MAAM;IAQ5B;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM;IAIpB;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,MAAM;CAG1B"}
|
package/dist/lib/types.d.ts
CHANGED
|
@@ -1,26 +1,10 @@
|
|
|
1
1
|
import { GroupVersionKind, KubernetesObject, WebhookIgnore } from "./k8s/types";
|
|
2
|
-
import {
|
|
2
|
+
import { PeprMutateRequest } from "./mutate-request";
|
|
3
|
+
import { PeprValidateRequest } from "./validate-request";
|
|
3
4
|
export type PackageJSON = {
|
|
4
5
|
description: string;
|
|
5
6
|
pepr: ModuleConfig;
|
|
6
7
|
};
|
|
7
|
-
/**
|
|
8
|
-
* The behavior of this module when an error occurs.
|
|
9
|
-
*/
|
|
10
|
-
export declare enum ErrorBehavior {
|
|
11
|
-
ignore = "ignore",
|
|
12
|
-
audit = "audit",
|
|
13
|
-
reject = "reject"
|
|
14
|
-
}
|
|
15
|
-
/**
|
|
16
|
-
* The phase of the Kubernetes admission webhook that the capability is registered for.
|
|
17
|
-
*
|
|
18
|
-
* Currently only `mutate` is supported.
|
|
19
|
-
*/
|
|
20
|
-
export declare enum HookPhase {
|
|
21
|
-
mutate = "mutate",
|
|
22
|
-
validate = "validate"
|
|
23
|
-
}
|
|
24
8
|
/**
|
|
25
9
|
* Recursively make all properties in T optional.
|
|
26
10
|
*/
|
|
@@ -28,7 +12,7 @@ export type DeepPartial<T> = {
|
|
|
28
12
|
[P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P];
|
|
29
13
|
};
|
|
30
14
|
/**
|
|
31
|
-
* The type of Kubernetes mutating webhook event that the
|
|
15
|
+
* The type of Kubernetes mutating webhook event that the action is registered for.
|
|
32
16
|
*/
|
|
33
17
|
export declare enum Event {
|
|
34
18
|
Create = "CREATE",
|
|
@@ -51,13 +35,9 @@ export interface CapabilityCfg {
|
|
|
51
35
|
* This does not supersede the `alwaysIgnore` global configuration.
|
|
52
36
|
*/
|
|
53
37
|
namespaces?: string[];
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
* Declare if this capability should be used for mutation or validation. Currently this is not used
|
|
58
|
-
* and everything is considered a mutation.
|
|
59
|
-
*/
|
|
60
|
-
mutateOrValidate?: HookPhase;
|
|
38
|
+
}
|
|
39
|
+
export interface CapabilityExport extends CapabilityCfg {
|
|
40
|
+
bindings: Binding[];
|
|
61
41
|
}
|
|
62
42
|
export type ModuleSigning = {
|
|
63
43
|
/**
|
|
@@ -86,7 +66,7 @@ export type ModuleConfig = {
|
|
|
86
66
|
/** A description of the Pepr module and what it does. */
|
|
87
67
|
description?: string;
|
|
88
68
|
/** Reject K8s resource AdmissionRequests on error. */
|
|
89
|
-
onError
|
|
69
|
+
onError?: string;
|
|
90
70
|
/** Configure global exclusions that will never be processed by Pepr. */
|
|
91
71
|
alwaysIgnore: WebhookIgnore;
|
|
92
72
|
/**
|
|
@@ -99,17 +79,19 @@ export type ModuleConfig = {
|
|
|
99
79
|
};
|
|
100
80
|
export type GenericClass = abstract new () => any;
|
|
101
81
|
export type WhenSelector<T extends GenericClass> = {
|
|
102
|
-
/** Register
|
|
82
|
+
/** Register an action to be executed when a Kubernetes resource is created or updated. */
|
|
103
83
|
IsCreatedOrUpdated: () => BindingAll<T>;
|
|
104
|
-
/** Register
|
|
84
|
+
/** Register an action to be executed when a Kubernetes resource is created. */
|
|
105
85
|
IsCreated: () => BindingAll<T>;
|
|
106
|
-
/** Register
|
|
86
|
+
/** Register ann action to be executed when a Kubernetes resource is updated. */
|
|
107
87
|
IsUpdated: () => BindingAll<T>;
|
|
108
|
-
/** Register
|
|
88
|
+
/** Register an action to be executed when a Kubernetes resource is deleted. */
|
|
109
89
|
IsDeleted: () => BindingAll<T>;
|
|
110
90
|
};
|
|
111
91
|
export type Binding = {
|
|
112
92
|
event: Event;
|
|
93
|
+
isMutate?: boolean;
|
|
94
|
+
isValidate?: boolean;
|
|
113
95
|
readonly kind: GroupVersionKind;
|
|
114
96
|
readonly filters: {
|
|
115
97
|
name: string;
|
|
@@ -117,11 +99,12 @@ export type Binding = {
|
|
|
117
99
|
labels: Record<string, string>;
|
|
118
100
|
annotations: Record<string, string>;
|
|
119
101
|
};
|
|
120
|
-
readonly
|
|
102
|
+
readonly mutateCallback?: MutateAction<GenericClass, InstanceType<GenericClass>>;
|
|
103
|
+
readonly validateCallback?: ValidateAction<GenericClass, InstanceType<GenericClass>>;
|
|
121
104
|
};
|
|
122
|
-
export type BindingFilter<T extends GenericClass> =
|
|
105
|
+
export type BindingFilter<T extends GenericClass> = CommonActionChain<T> & {
|
|
123
106
|
/**
|
|
124
|
-
* Only apply the
|
|
107
|
+
* Only apply the action if the resource has the specified label. If no value is specified, the label must exist.
|
|
125
108
|
* Note multiple calls to this method will result in an AND condition. e.g.
|
|
126
109
|
*
|
|
127
110
|
* ```ts
|
|
@@ -129,17 +112,17 @@ export type BindingFilter<T extends GenericClass> = BindToActionOrSet<T> & {
|
|
|
129
112
|
* .IsCreated()
|
|
130
113
|
* .WithLabel("foo", "bar")
|
|
131
114
|
* .WithLabel("baz", "qux")
|
|
132
|
-
* .
|
|
115
|
+
* .Mutate(...)
|
|
133
116
|
* ```
|
|
134
117
|
*
|
|
135
|
-
* Will only apply the
|
|
118
|
+
* Will only apply the action if the resource has both the `foo=bar` and `baz=qux` labels.
|
|
136
119
|
*
|
|
137
120
|
* @param key
|
|
138
121
|
* @param value
|
|
139
122
|
*/
|
|
140
123
|
WithLabel: (key: string, value?: string) => BindingFilter<T>;
|
|
141
124
|
/**
|
|
142
|
-
* Only apply the
|
|
125
|
+
* Only apply the action if the resource has the specified annotation. If no value is specified, the annotation must exist.
|
|
143
126
|
* Note multiple calls to this method will result in an AND condition. e.g.
|
|
144
127
|
*
|
|
145
128
|
* ```ts
|
|
@@ -147,10 +130,10 @@ export type BindingFilter<T extends GenericClass> = BindToActionOrSet<T> & {
|
|
|
147
130
|
* .IsCreated()
|
|
148
131
|
* .WithAnnotation("foo", "bar")
|
|
149
132
|
* .WithAnnotation("baz", "qux")
|
|
150
|
-
* .
|
|
133
|
+
* .Mutate(...)
|
|
151
134
|
* ```
|
|
152
135
|
*
|
|
153
|
-
* Will only apply the
|
|
136
|
+
* Will only apply the action if the resource has both the `foo=bar` and `baz=qux` annotations.
|
|
154
137
|
*
|
|
155
138
|
* @param key
|
|
156
139
|
* @param value
|
|
@@ -158,38 +141,48 @@ export type BindingFilter<T extends GenericClass> = BindToActionOrSet<T> & {
|
|
|
158
141
|
WithAnnotation: (key: string, value?: string) => BindingFilter<T>;
|
|
159
142
|
};
|
|
160
143
|
export type BindingWithName<T extends GenericClass> = BindingFilter<T> & {
|
|
161
|
-
/** Only apply the
|
|
144
|
+
/** Only apply the action if the resource name matches the specified name. */
|
|
162
145
|
WithName: (name: string) => BindingFilter<T>;
|
|
163
146
|
};
|
|
164
147
|
export type BindingAll<T extends GenericClass> = BindingWithName<T> & {
|
|
165
|
-
/** Only apply the
|
|
148
|
+
/** Only apply the action if the resource is in one of the specified namespaces.*/
|
|
166
149
|
InNamespace: (...namespaces: string[]) => BindingWithName<T>;
|
|
167
150
|
};
|
|
168
|
-
export type
|
|
151
|
+
export type CommonActionChain<T extends GenericClass> = MutateActionChain<T> & {
|
|
169
152
|
/**
|
|
170
|
-
* Create a new
|
|
153
|
+
* Create a new MUTATE action with the specified callback function and previously specified
|
|
171
154
|
* filters.
|
|
172
|
-
* @param action The
|
|
155
|
+
* @param action The action to be executed when the Kubernetes resource is processed by the AdmissionController.
|
|
173
156
|
*/
|
|
174
|
-
|
|
157
|
+
Mutate: (action: MutateAction<T, InstanceType<T>>) => MutateActionChain<T>;
|
|
175
158
|
};
|
|
176
|
-
export type
|
|
159
|
+
export type MutateActionChain<T extends GenericClass> = {
|
|
177
160
|
/**
|
|
178
|
-
*
|
|
179
|
-
*
|
|
180
|
-
*
|
|
181
|
-
* Example change the `minReadySeconds` to 3 of a deployment when it is created:
|
|
161
|
+
* Create a new VALIDATE action with the specified callback function and previously specified
|
|
162
|
+
* filters. Return the `request.Approve()` or `Request.Deny()` methods to approve or deny the request:
|
|
182
163
|
*
|
|
164
|
+
* @example
|
|
183
165
|
* ```ts
|
|
184
166
|
* When(a.Deployment)
|
|
185
167
|
* .IsCreated()
|
|
186
|
-
* .
|
|
168
|
+
* .Validate(request => {
|
|
169
|
+
* if (request.HasLabel("foo")) {
|
|
170
|
+
* return request.Approve();
|
|
171
|
+
* }
|
|
172
|
+
*
|
|
173
|
+
* return request.Deny("Deployment must have label foo");
|
|
174
|
+
* });
|
|
187
175
|
* ```
|
|
188
176
|
*
|
|
189
|
-
* @param
|
|
190
|
-
* @returns
|
|
177
|
+
* @param action The action to be executed when the Kubernetes resource is processed by the AdmissionController.
|
|
191
178
|
*/
|
|
192
|
-
|
|
179
|
+
Validate: (action: ValidateAction<T, InstanceType<T>>) => void;
|
|
180
|
+
};
|
|
181
|
+
export type MutateAction<T extends GenericClass, K extends KubernetesObject = InstanceType<T>> = (req: PeprMutateRequest<K>) => Promise<void> | void | Promise<PeprMutateRequest<K>> | PeprMutateRequest<K>;
|
|
182
|
+
export type ValidateAction<T extends GenericClass, K extends KubernetesObject = InstanceType<T>> = (req: PeprValidateRequest<K>) => Promise<ValidateResponse> | ValidateResponse;
|
|
183
|
+
export type ValidateResponse = {
|
|
184
|
+
allowed: boolean;
|
|
185
|
+
statusCode?: number;
|
|
186
|
+
statusMessage?: string;
|
|
193
187
|
};
|
|
194
|
-
export type CapabilityAction<T extends GenericClass, K extends KubernetesObject = InstanceType<T>> = (req: PeprRequest<K>) => Promise<void> | void | Promise<PeprRequest<K>> | PeprRequest<K>;
|
|
195
188
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/lib/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/lib/types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAChF,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/lib/types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEzD,MAAM,MAAM,WAAW,GAAG;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI;KAC1B,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAChE,CAAC;AAEF;;GAEG;AACH,oBAAY,KAAK;IACf,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,cAAc,mBAAmB;IACjC,GAAG,MAAM;CACV;AAED,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,gBAAiB,SAAQ,aAAa;IACrD,QAAQ,EAAE,OAAO,EAAE,CAAC;CACrB;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;;OAKG;IACH,aAAa,CAAC,EAAE,sBAAsB,GAAG,eAAe,GAAG,MAAM,CAAC;IAClE;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC;AAEF,iDAAiD;AACjD,MAAM,MAAM,YAAY,GAAG;IACzB,2CAA2C;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yFAAyF;IACzF,IAAI,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sDAAsD;IACtD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wEAAwE;IACxE,YAAY,EAAE,aAAa,CAAC;IAC5B;;;;;OAKG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB,CAAC;AAGF,MAAM,MAAM,YAAY,GAAG,QAAQ,WAAW,GAAG,CAAC;AAElD,MAAM,MAAM,YAAY,CAAC,CAAC,SAAS,YAAY,IAAI;IACjD,0FAA0F;IAC1F,kBAAkB,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;IACxC,+EAA+E;IAC/E,SAAS,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;IAC/B,gFAAgF;IAChF,SAAS,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;IAC/B,+EAA+E;IAC/E,SAAS,EAAE,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,OAAO,GAAG;IACpB,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/B,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACrC,CAAC;IACF,QAAQ,CAAC,cAAc,CAAC,EAAE,YAAY,CAAC,YAAY,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC;IACjF,QAAQ,CAAC,gBAAgB,CAAC,EAAE,cAAc,CAAC,YAAY,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC;CACtF,CAAC;AAEF,MAAM,MAAM,aAAa,CAAC,CAAC,SAAS,YAAY,IAAI,iBAAiB,CAAC,CAAC,CAAC,GAAG;IACzE;;;;;;;;;;;;;;;;OAgBG;IACH,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;IAC7D;;;;;;;;;;;;;;;;OAgBG;IACH,cAAc,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;CACnE,CAAC;AAEF,MAAM,MAAM,eAAe,CAAC,CAAC,SAAS,YAAY,IAAI,aAAa,CAAC,CAAC,CAAC,GAAG;IACvE,6EAA6E;IAC7E,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,UAAU,CAAC,CAAC,SAAS,YAAY,IAAI,eAAe,CAAC,CAAC,CAAC,GAAG;IACpE,kFAAkF;IAClF,WAAW,EAAE,CAAC,GAAG,UAAU,EAAE,MAAM,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,CAAC;CAC9D,CAAC;AAEF,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,YAAY,IAAI,iBAAiB,CAAC,CAAC,CAAC,GAAG;IAC7E;;;;OAIG;IACH,MAAM,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,iBAAiB,CAAC,CAAC,CAAC,CAAC;CAC5E,CAAC;AAEF,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,YAAY,IAAI;IACtD;;;;;;;;;;;;;;;;;;OAkBG;IACH,QAAQ,EAAE,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;CAChE,CAAC;AAEF,MAAM,MAAM,YAAY,CAAC,CAAC,SAAS,YAAY,EAAE,CAAC,SAAS,gBAAgB,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,CAC/F,GAAG,EAAE,iBAAiB,CAAC,CAAC,CAAC,KACtB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;AAEjF,MAAM,MAAM,cAAc,CAAC,CAAC,SAAS,YAAY,EAAE,CAAC,SAAS,gBAAgB,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,CACjG,GAAG,EAAE,mBAAmB,CAAC,CAAC,CAAC,KACxB,OAAO,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAAC;AAElD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import { Capability } from "./capability";
|
|
2
|
+
import { Request, ValidateResponse } from "./k8s/types";
|
|
3
|
+
export declare function validateProcessor(capabilities: Capability[], req: Request, reqMetadata: Record<string, string>): Promise<ValidateResponse>;
|
|
4
|
+
//# sourceMappingURL=validate-processor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validate-processor.d.ts","sourceRoot":"","sources":["../../src/lib/validate-processor.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAMxD,wBAAsB,iBAAiB,CACrC,YAAY,EAAE,UAAU,EAAE,EAC1B,GAAG,EAAE,OAAO,EACZ,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAClC,OAAO,CAAC,gBAAgB,CAAC,CA4D3B"}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import { KubernetesObject, Request } from "./k8s/types";
|
|
2
|
+
import { ValidateResponse } from "./types";
|
|
3
|
+
/**
|
|
4
|
+
* The RequestWrapper class provides methods to modify Kubernetes objects in the context
|
|
5
|
+
* of a mutating webhook request.
|
|
6
|
+
*/
|
|
7
|
+
export declare class PeprValidateRequest<T extends KubernetesObject> {
|
|
8
|
+
#private;
|
|
9
|
+
Raw: T;
|
|
10
|
+
/**
|
|
11
|
+
* Provides access to the old resource in the request if available.
|
|
12
|
+
* @returns The old Kubernetes resource object or null if not available.
|
|
13
|
+
*/
|
|
14
|
+
get OldResource(): T | undefined;
|
|
15
|
+
/**
|
|
16
|
+
* Provides access to the request object.
|
|
17
|
+
* @returns The request object containing the Kubernetes resource.
|
|
18
|
+
*/
|
|
19
|
+
get Request(): Request<T>;
|
|
20
|
+
/**
|
|
21
|
+
* Creates a new instance of the Action class.
|
|
22
|
+
* @param input - The request object containing the Kubernetes resource to modify.
|
|
23
|
+
*/
|
|
24
|
+
constructor(input: Request<T>);
|
|
25
|
+
/**
|
|
26
|
+
* Check if a label exists on the Kubernetes resource.
|
|
27
|
+
*
|
|
28
|
+
* @param key the label key to check
|
|
29
|
+
* @returns
|
|
30
|
+
*/
|
|
31
|
+
HasLabel(key: string): boolean;
|
|
32
|
+
/**
|
|
33
|
+
* Check if an annotation exists on the Kubernetes resource.
|
|
34
|
+
*
|
|
35
|
+
* @param key the annotation key to check
|
|
36
|
+
* @returns
|
|
37
|
+
*/
|
|
38
|
+
HasAnnotation(key: string): boolean;
|
|
39
|
+
/**
|
|
40
|
+
* Create a validation response that allows the request.
|
|
41
|
+
*
|
|
42
|
+
* @returns The validation response.
|
|
43
|
+
*/
|
|
44
|
+
Approve(): ValidateResponse;
|
|
45
|
+
/**
|
|
46
|
+
* Create a validation response that denies the request.
|
|
47
|
+
*
|
|
48
|
+
* @param statusMessage Optional status message to return to the user.
|
|
49
|
+
* @param statusCode Optional status code to return to the user.
|
|
50
|
+
* @returns The validation response.
|
|
51
|
+
*/
|
|
52
|
+
Deny(statusMessage?: string, statusCode?: number): ValidateResponse;
|
|
53
|
+
}
|
|
54
|
+
//# sourceMappingURL=validate-request.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validate-request.d.ts","sourceRoot":"","sources":["../../src/lib/validate-request.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,gBAAgB,EAAa,OAAO,EAAE,MAAM,aAAa,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C;;;GAGG;AACH,qBAAa,mBAAmB,CAAC,CAAC,SAAS,gBAAgB;;IACzD,GAAG,EAAE,CAAC,CAAC;IAIP;;;OAGG;IACH,IAAI,WAAW,kBAEd;IAED;;;OAGG;IACH,IAAI,OAAO,eAEV;IAED;;;OAGG;gBACS,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IAsB7B;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM;IAIpB;;;;;OAKG;IACH,aAAa,CAAC,GAAG,EAAE,MAAM;IAIzB;;;;OAIG;IACH,OAAO,IAAI,gBAAgB;IAM3B;;;;;;OAMG;IACH,IAAI,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,gBAAgB;CAOpE"}
|
package/dist/lib.d.ts
CHANGED
|
@@ -6,11 +6,12 @@ import { fetch, fetchRaw } from "./lib/fetch";
|
|
|
6
6
|
import { RegisterKind, a } from "./lib/k8s/index";
|
|
7
7
|
import Log from "./lib/logger";
|
|
8
8
|
import { PeprModule } from "./lib/module";
|
|
9
|
-
import {
|
|
9
|
+
import { PeprMutateRequest } from "./lib/mutate-request";
|
|
10
|
+
import { PeprValidateRequest } from "./lib/validate-request";
|
|
10
11
|
import * as PeprUtils from "./lib/utils";
|
|
11
12
|
import type * as K8sTypes from "@kubernetes/client-node";
|
|
12
13
|
import type * as RTypes from "ramda";
|
|
13
14
|
export { a,
|
|
14
15
|
/** PeprModule is used to setup a complete Pepr Module: `new PeprModule(cfg, {...capabilities})` */
|
|
15
|
-
PeprModule,
|
|
16
|
+
PeprModule, PeprMutateRequest, PeprValidateRequest, PeprUtils, RegisterKind, Capability, Log, R, fetch, fetchRaw, fetchStatus, k8s, RTypes, K8sTypes, };
|
|
16
17
|
//# sourceMappingURL=lib.d.ts.map
|
package/dist/lib.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lib.d.ts","sourceRoot":"","sources":["../src/lib.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,WAAW,IAAI,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,CAAC,MAAM,OAAO,CAAC;AAC3B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,CAAC,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"lib.d.ts","sourceRoot":"","sources":["../src/lib.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,WAAW,IAAI,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,CAAC,MAAM,OAAO,CAAC;AAC3B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,CAAC,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AAGzC,OAAO,KAAK,KAAK,QAAQ,MAAM,yBAAyB,CAAC;AACzD,OAAO,KAAK,KAAK,MAAM,MAAM,OAAO,CAAC;AAErC,OAAO,EACL,CAAC;AACD,mGAAmG;AACnG,UAAU,EACV,iBAAiB,EACjB,mBAAmB,EACnB,SAAS,EACT,YAAY,EACZ,UAAU,EACV,GAAG,EACH,CAAC,EACD,KAAK,EACL,QAAQ,EACR,WAAW,EACX,GAAG,EAGH,MAAM,EACN,QAAQ,GACT,CAAC"}
|